Tag: exploit
Anonymous claims responsibility for Moscow traffic jam tied to app exploit
On Thursday morning, Moscow’s busy Fili district became the site of a traffic jam unlike any before it. Motherboard (via The Verge) reports hackers used Russia’s Yandex Taxi ride-hailing app to order dozens of drivers to converge on Kutuzovsky Prospekt, one of the city’s main thoroughfares. The act caused traffic on part of the already congested street to come to a standstill for about 40 minutes while Yandex worked to address the situation.
“On the morning of September 1st, Yandex Taxi encountered an attempt by attackers to disrupt the service — several dozen drivers received bulk orders to the Fili district of Moscow,” a Yandex spokesperson told Motherboard. In a separate statement shared with Russia’s state-owned TASS news agency, Yandex said it reworked its routing algorithm following the attack to prevent similar incidents from occurring in the future. The event is one of the first known instances of hackers exploiting a ride-hailing app to create a traffic jam.
Someone hacked #YandexTaxi and ordered all available taxis to Kutuzov Prospect in Moscow
Now there is a huge traffic jam with taxis.
It’s like James Bond movie. pic.twitter.com/IatuAEtA2i
— Russian Market (@runews) September 1, 2022
Several Twitter accounts claiming affiliation with Anonymous say the hacktivist collective is behind the incident. On Friday, one Anonymous account said the group worked with the IT Army of Ukraine, a volunteer organization formed at the start of the war, to carry out the attack.
Anonymous previously claimed responsibility for a cyberattack that took down multiple Russian government websites, including those belonging to the Kremlin and the Ministry of Defence. “Faced with this series of attacks that Ukraine has been suffering from the Russian dictator Vladimir Putin, we could not help but support the Ukrainian people,” the group said at the time.
Microsoft found a severe one-click exploit in TikTok’s Android app
A serious vulnerability found by Microsoft in the TikTok Android app could have allowed hackers to hijack millions of accounts. On Wednesday, the company’s 365 Defender Research Team detailed a one-click exploit it informed TikTok of in February. The good news is that the social media company promptly patched the vulnerability before today’s disclosure and Microsoft says it has no evidence of someone using it out in the wild.
“We gave them information about the vulnerability and collaborated to help fix this issue,” Microsoft’s Tanmay Ganacharya told The Verge. “TikTok responded quickly, and we commend the efficient and professional resolution from the security team.”
According to Microsoft, the vulnerability involved an oversight with TikTok’s deep linking functionality. On Android, developers can program their apps to handle certain URLs in specific ways. For instance, when you tap on a Twitter embed in Chrome and the Twitter app automatically opens on your phone as a result, that’s an example of the deep linking feature working as intended.
However, Microsoft found a way to bypass the verification process TikTok had in place to restrict deep links from executing certain actions. They then discovered they could use that vulnerability to access all the primary functions of an account, including the ability to post content and message other TikTok users. The flaw was present in both global versions of TikTok’s Android app. The two releases have more than 1.5 billion downloads between them, meaning the potential impact of someone discovering the vulnerability before it was patched could have been massive.
Microsoft recommends all TikTok users on Android download the latest version of the app as soon as they can. More broadly, you can protect yourself in the future from similar exploits by not clicking on sketchy links. It’s also good practice to avoid sideloading apps as you don’t know how someone could have altered the APK.
Destiny 2 PvP exploit sees skill-based matchmaking completely negated
A Destiny 2 PvP exploit has marred what has been a great start to Season 18. The rag-tag crew at the centre of the MMO’s story and new game mode, Ketchcrash, reminiscent of the old Battlefield Titan Assault, give lapsed players a reason to jump back into the fray. Those who prefer PvP game modes, however, might run into some issues if they’re on the lower end of the ability spectrum, as some players have found a workaround to the newly implemented skill-based matchmaking in quick-play games.
Daily Crunch: 4chan users exploit AI image generator’s ability to create realistic nude deepfakes
Acala Exploit Causes Polkadot-Based DeFi Platform’s Stablecoin to Drop 99%
Network and token freeze after Acala exploit raises questions
The Acala hack saw over a billion aUSD stablecoins minted from thin air, but now community members are scratching their heads wondering how a decentralized protocol would handle the clean up.
Over 1.2 Billion aUSD Minted in an Exploit of Polkadot’s DeFi Hub Acala
Curve Finance’s [CRV] condition after a $450,000 exploit recovery
Microsoft urges Windows users to run patch for DogWalk zero-day exploit
Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.
The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.